Overview

File openssl-1_1-ossl-sli-017-X9.31-sign.patch of Package openssl-1_1

Index: openssl-1.1.1w/crypto/rsa/rsa_ossl.c
===================================================================
--- openssl-1.1.1w.orig/crypto/rsa/rsa_ossl.c
+++ openssl-1.1.1w/crypto/rsa/rsa_ossl.c
@@ -11,6 +11,7 @@
 #include "crypto/bn.h"
 #include "rsa_local.h"
 #include "internal/constant_time.h"
+#include "openssl/rsaerr.h"
 
 #ifdef OPENSSL_FIPS
 # include <openssl/fips.h>
@@ -286,6 +287,12 @@ static int rsa_ossl_private_encrypt(int
             RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
             return -1;
         }
+
+        if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
+            && padding == RSA_X931_PADDING) {
+            RSAerr(RSA_F_RSA_PADDING_ADD_X931, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+            return -1;
+        }
     }
 # endif
 
@@ -577,6 +584,12 @@ static int rsa_ossl_public_decrypt(int f
             RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
             return -1;
         }
+
+        if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
+            && padding == RSA_X931_PADDING) {
+            RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+            return -1;
+        }
     }
 # endif
openSUSE Build Service is sponsored by
Places